Carrier IQ and the resulting media outcry was certainly the topic of the week in the tech community last week. Now that we’ve had the weekend to digest the information, a few news outlets (that I’ve noticed, anyway) are starting to promote the idea that Carrier IQ is a good service, collecting usage data so that carriers and cell phone manufacturers to improve their cellular service and phone quality so that users can have a better overall experience. Several of these stories go on to suggest that the hullabaloo created by the tech media have caused concerns that simply aren’t or shouldn’t be there.

One of the more puzzling articles I’ve read this morning comes from Matthew Miller at ZDNet, which basically states that since Carrier IQ is good for us, we should just sit back and let them do what they do. Mr Miller states that:

It today’s online world we give up a lot of privacy and it looks like the Carrier IQ issue is nothing to really be concerned aboutMatthew MillerZDNet

At its core, I agree with Mr. Miller’s argument. I believe that Carrier IQ can truly help companies such as Sprint and Samsung improve the services they provide to paying customers. Where I feel Mr. Miller completely misses the boat is his suggestion that because we as customers don’t notice that it’s on our devices, we should simply allow it to do its thing and track our information.

I completely disagree with this notion for two reasons. First, whether or not Carrier IQ actually records the content of your messages or sites you visit or whatever you do on your device, looking at the permission list as well as tests performed by a few security researchers show that it has the permissions and ability to track these things. One simple change on Carrier IQ’s end, either of their own volition or at the request of one of their customers, and they can start recording this information on their servers.

The second point of contention is the fact that Carrier IQ’s service is opt-in by default. When I install the popular CyanogenMod ROM on my phone, I get asked if I want to send usage statistics to better the service the CyanogenMod team providers. When I installed Google Chrome, Google asked if I wanted to send usage statistics to help Google improve the Chrome operating system. In both cases (and many more), I happily obliged because I knew what information they were using, and why they were using it. Furthermore, I believed in the causes enough to give up some privacy so that the services I know and like could continue to get better.

With Carrier IQ, the service runs in the background every time you start your phone, and you’re never told what they’re using your information for, let alone what information they’re actually using. Yes, we now know that the likes of Sprint and Samsung are using Carrier IQ’s software to improve the service they provide to their customers, but we wouldn’t have known this unless this situation was brought to our attention.

Carrier IQ and its customers never asked us if we wanted to help them improve their service, they forced us to help them. They don’t tell us what information they’re taking, and how that information is being used to better our experience. And even in a mobile world where our privacy is becoming less and less important, services that are opt-in by default are violations of privacy, and deserve to be brought to the attention of the public.

Yeah, I probably could have written another 800 words stating that Carrier IQ should only have permissions to those things that it needs to track (seriously, it doesn’t need read access to message content), but the article was getting too long as it is.

It also seems like Miller has the same laissez-faire view as Zuckerberg with Facebook. But the root of the issue is not what the organization is doing with its consumers’ info on the surface… it’s the potential to do harm that counts.

I’m gonna have to disagree. I don’t believe they need ANY permissions at all. First of all, some carriers have stated they don’t use Carrier IQ, and it is also not present in some phones. In my interpretation, that means they don’t need it. They choose to need and use it in the phones they do so with. Let’s not forget how massive these carriers are and the vast amount of resources at their disposal for them to breedsomething like this to diagnose a problem or whatever. Whatever they’re claiming to need this for is a gross mishandling of their consumers’ privacy.

I’m no privacy control freak either, but I think allowing a service like this to exist is only a foot in the door for what’s to come. Next thing you know they’re tracking those numbers they’ve collected from you and linking them to a profile under your name to create a map of your social interactions that they can sell to advertising companies “in order to provide you with a better spamming experience.”

What happen to all the Virus protection programs like Lookout Security & Antivirus: FEATURES
Security
*Antivirus: Block Malware, Spyware, and trojans.

Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior.

the article was just right and on the money with the issue at hand. Another 800 words would have been fine with this kind of specific focus on the issues which Miller seems to set aside as not important. Good stuff!

Of course that require opting it. If not it’s violation.
It’s maybe time to say stop to this endless violation of private life… What next seriously ?
But it’s appears that some people don’t bother at all.

I want to add that the question is : will it be an “opt-in” or will it be an “opt-out”… because the lambda don’t give a damn about those kind of thing, look at the apple iAd, you can “opt-out” but no one does.

What bugs me about this debacle is that I’m paying for them to gather valuable data about me. I’ve paid for the phone, I’m paying a premium for smartphone service; aren’t they making enough money off me as it is?

Ahh.. but if you read most of the fine print, the carriers use these sort of things as a way to justify the offset in cost they’re absorbing with the device they’ve sold you. It doesn’t matter that they have you on the hook for 2 years at a contractual price (that more than makes up for the cost of the device they’re eating) they’re going to find any and all ways to make more money.

I agree, but think it should go one step further and let me know exactly what information Carrier IQ or whatever they are using is sending back to the server because as of right now I don’t think anyone has exactly stated this is what we track; it’s all been here is what we don’t track (please someone correct me if I’m wrong with this). I’m all for sending back errors because of dropped calls, unsent text messages, etc. However I don’t want them actually able to view the contents of the messages.

I also agree 100%. Simply allowing users to know that this software is running and giving them the option to opt-out is all it takes to make users happy (well, me at least).

I am still sifting through the information available, but I am leaning toward the carriers for being at fault here. The Carrier IQ product is used by carriers (and manufacturers), so it should be their responsibility to implement the software in a transparent way (and in compliance with any laws)

Carrier IQ is just simply wrong for not informing us what they are doing, I dont have a problem with HTC or Google sending anonymous information so I “could get better” quality services like ad’s. But once an HTTPS site is entered i think no one should be able to get that information, it should be between you and the site.

Yes yes what Carrier IQ did was terrible. However we must still remember that the one mainly at fault here is the carriers as they are the one who installed those apps into our phones without our knowledge. Carrier IQ only makes the tool. The carriers are the one using it.

Anyways I too also believe Carrier IQ can a very good service that helps improve our experience. However it really needs to be transparent with what it do and allows us to disable it. What interests me is why do they need to look at the content of our text messages?

Also I thinking opting-in should be the default while allowing us to opt-out. Normal users will normally be scared of anything like this even if it could benefit them and choose not to opt-in. What could be better done is instead change the permissions to only use what it needs because right now the permissions it required is just ridiculous. You need to have that MANY? It’s totally fishy!

Of course a service like this can be helpful. The service can also be harmful though, i.e. the ability to track stuff that has no relevance to improving my service, such as reading contents of messages. Alfred Nobel created the Nobel Peace Prize because the dynamite he invented to help miners ended up being used to blow bank vaults and such. Give evil (evil corporations!) a great tool, and they’ll do greatly bad things with it.

Sure the service could/should be allowed to exist but not against our wills! You make the best point that we should be able to opt into it. I’d like to see someone attempt to justify the opposite. I love Millers “Pay no attention to the man behind the curtain” approach. Its entertaining, if you ask me ;)

i understand why companies want this sort of feedback loop in place and how that can benefit consumers, but the worlds roads are paved in good intentions. it just takes one government, or politician to realize that they can use this information for their own ends and guess what, the tool is already in place, and nobody needs to know what they are doing.

there is a lot of push back on tons of things in governments these days (speaking for US because that is what i know) you just need to listen to some of the OWS grievances. I liken this Carrier IQ thing to campaign donations. they help the system. popular candidates benefit form support and that makes the system run. but if you believe for a second that someone/somegroup won’t take advantage of any lack of transparency they can find you are wrong.

the reason i prefer Android is the transpancy built into app installs and the open nature of the developer/consumer interaction. I don’t need to get apps through google (market) or even carriers (sticking to the vanilla nexus line, naturally). if there is something i want, i can see what it accesses and make my own judgement. the fact that that choice is taken away is a huge issue. perhaps not for everyday consumers (like with anything the “masses” are clueless) but for many users on this site, this is a core reason why we choose this operating system.

This is the problem I have with all of this too. I love the Android atmosphere for its choices. You can choose what you want and how you want it. I have no problem helping these companies provide better service but it has to be a choice.

Thank goodness for the Android community and their raising of awareness on this. CIQ needs to be a choice a consumer makes not a decision a company makes for them.

Mmmmm…. Excellent article. I appreciate the whole “i agree it can be good thing but it’s terrible the way they implemented it by forcing us to use it and not telling us what they are tracking.” I agree that companies earn more trust by simply asking and informing us.

“There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live–did live, from habit that became instinct–in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.”
George Orwell, from his 1949 classic novel, “1984″

I think the problem with opt-in, instead of opt-out, is that many average users, who have nothing to fear, will see this request as something scary and therefore not opt-in. I think, for the average user, having CarrierIQ on your phone isn’t a big deal. For power users, or those “in the know”, it may be — but they are also likely to be the ones to know how to go in and opt-out.

The problem with people not opting-in because of a scary message asking them to opt-in is that you will have a much smaller sample size this way, thus likely making it more difficult to analyze and find issues.

I am not downplaying privacy issues, however.. I still think a careful eye needs to be watching these groups that collect data to make sure they are using it properly.

Yes, many people would not opt-in for fear of privacy violations, or a scary opt-in message, but I think everyone should have the choice. Make it clear what you’re using and what you’re using it for, and people will choose to help you if they want to help you.

The other alternative is to grant permissions only to things that Carrier IQ needs to get it’s job done. If it doesn’t/won’t store content of texts, why does it need access to those things?

You bring up a good point. Taking that a little further; how about allowing users to select permissions for an app just like enabling/disabling a module. That would certainly help ease people’s minds about sharing information Carrier IQ tracks.

It should definitely be opt-in only, and on top of this there’s another point related to accepting terms when getting a new phone that should be dealt with. I recently purchased a smartphone and it was set up by my carrier’s sales rep at the store, at which time the salesperson who set up the phone for me went ahead and accepted all the license agreements because I didn’t see a single one when I received the phone.

All of the responses to the Carrier IQ situation that pointed out that by accepting the general usage terms of the phone I accepted Carrier IQ don’t take into account the fact that my carrier’s sales rep accepted them for me. I didn’t agree to anything myself regarding usage of this phone.

I agree with your article completely, but I think on top of this certain things shouldn’t be able to seen. For example, see if my SMS goes through or errors out…this is a statistic you care about but you DO NOT need to know the content of the SMS.

You don’t need to monitor every phone number, everyone URL and if it’s https it’s https for a reason exclude these from your software for monitoring.

So keep it up and good article, don’t just roll over and accept giving up your privacy with out knowing what your getting into and why your giving it up.

I like to think of CarrierIQ thing as the circle of manufacturing. You buy the phone & software on it -> Carrier IQ records what you do -> Carriers/Manufactures buy the info to improve your phone experience. I’m glad we have this system but I’m not happy they try and hide their actions…

It just seems that technology has driven businesses to have tracking in almost anywhere to fuel marketing and more. At first I was against the whole invasion of my privacy as I felt it was a right but it seems like that right doesn’t exist at times when you don’t even know your privacy is being violated.

I understand that Carrier IQ, Sprint, and Samsung probably have been getting accurate results by running on every device but MAN do I feel used. A simple ‘you could have asked’ would have been fine. So although Carrier IQ is a good service their invasion without permission leaves a sour taste.

I love the points you described in the article. Opt-in + a list of what it will track would be acceptable for a lot of people. But Carrier IQ just blew the sandbox security idea surrounding Android to smithereens. I wonder how Google feels about all this.

It seems like the further we dig into these devices, the more stuff we find that we are not happy with. Phone companies/carriers always talk really big on how they believe in protecting your privacy, but they “never” throw their own names into the threat pool. Great article. Sad thing is that for the people that don’t follow android or read any articles, they are always at risk and never know it.

Were the practices of Carrier IQ, if not the specific name of the app and methods, disclosed in carrier contracts and privacy statements? Certainly few people read those thoroughly, and it does seem like the app’s permissions go well beyond what it is purportedly doing – I wonder if the app’s permissions go beyond what subscribers agreed to in their agreements. There could have been more pro-active transparency, but I can’t believe the carriers wouldn’t have gotten at least thr pro-forma permission of signing a contract or privacy policy.

I have no doubt that Carrier IQ is helping carriers do what they do. It’s just a little unnerving that it was such a secret until this explosion of news recently. I agree with the argument of opting in completely, I wouldn’t mind helping the carriers out, I’d just like a little heads up about it, you know?

To your list of grievances I would also add data security.
By that I mean the appearance of plain-text user data in the logs to be intercepted (or harvested at a later point) by any number of software.

If I were to discover that my opting into Chrome’s usage statistics sharing exposes my searches or other personal data to world’s prying eyes, I would revoke it lickety-split and fire off an angry bug report.

The biggest issue I have with this is the fact that so many ‘innocent’ (in this case anyhow) companies are going to be dragged through the mud in this. If you look at this morning’s new list of companies being class actioned over this, some of them are bystanders.

The companies at fault, more than even CIQ, imho.. are the carriers that have willingly asked for this software, and installed it on new devices. I wonder how many devices we’d have that operated better without this additional bloat being installed.

I’m hoping that companies like Samsung, HTC, and even the carriers that don’t utilize it come out and openly state: ‘We didn’t want this crap installed in the first place.. AT&T/Sprint/T-Mobile/etc install whatever they see fit, since they’re subsidizing the cost of the handsets in the first place.’

Which brings me to my next point.. if you’re buying this device, retail, out of contract.. under WHAT law do these companies seem to think they have the right to install this software? It’d be like buying a new car, installing a bunch of aftermarket mods that decrease the performance, MPG, emissions, and it reports on your location, what you’re buying, who you’re with, etc….. and then selling it as a brand new car…

they can read and see EVERYTHING you do on your phone, even keystrokes (=passwords). even if they say they dont want to know it, they could. and they didnt tell anyone. thats just spying.

everyone should be concerned about this. and everyone talking about post-privacy should think about others who truely need privacy.

the main problem is, if you say “they didnt do anything with it, why shouldnt they collect all that data” everyone will start their own data collection. and not for technical purposes. data mining is a big issue today and we need to stop big companys spying on us in every corner of our lives.

I think the way it is used at apple is the best way. Although they are removing it. 1) you can opt out. 2) it only tracks location and other meaningful data. I think it should also maybe track signal strength. That way you can generate an anonymous map of when your network strengths and weaknesses are.

I have a hard time understanding people who dont mind some company harvesting information about you. It´s all about information today, dosn´t mather for what purpouse they want it. First of, why should i give them information that they can sell or use for whatever they want. Did they ask me? Do i get any profit from it? Think about the total amount of data that they collect, do they pay for the data fee, no, we do!

So stop collecting our data or start paying us for giving you information! Of course after you asked for permission to collect it!

All i really have to say on this matter anymore is this: Google has more data on everyone in the world, than everyone in the world has. They have almost ALWAYS stated they are doing so, given the opportunity to say ‘yes or no’ to it, and kept safety a top priority on all the info. Gmail comes to mind, scanning email content to generate relavent ads. There was an outcry, Google said, “It’s safe, if you don’t want the ads, use another email. Trust us, or don’t. it’s up to you.”

SOOOOOO here’s the problem. Carrier who? Without knowledge of the company, the program, the info gathered, how it’s being stored, OR the option to use it or not – this entire thing isn’t so much about data gathering, it’s about WTF just happened? It was under handed, shady, and continues to be so with CarrierIQ.

The stigma of secrecy and lack of choice is the large issue here, along with no one knowing the security practices of those gathering the info in the first place.

What I don’t understand is that if this is tracking personal information aren’t they required to notify you? The fact that they are being looked at for illegal wiretapping says a lot about the permissions this software has. The fact that they are trying to avoid taking responsibility says to me that they know they were wrong and that they don’t want the punishment that comes with it. A basic can we collect this data would have made this issue disappear but instead the companies involved hid what they were doing until someone called them on it.

I dont really know whats this all about, but yeah, they shouldve asked me if i want it installed and offer a way to uninstall it.
Maybe it’s a good thing but I dont like being treaten like a morron, it’s my device, i want to own him, control him and whatever i want with it!

A guy I know at work today was bashing Android for CarrierIQ… until I pointed out to him that Apple has been using it as well. He didn’t want to believe it until I showed him with a quick Google search.

I agree that it’s a carrier nessecity to have something like CIQ, but it simply needs to have access only to data carriers need and as stated needs to be something you have to opt in to. The major bad publicity is the opportunity for another company to step in. However, I think it’s safe to bet CIQ is locked into contracts with carriers.

If Carrier IQ can’t help the providers achieve their goals of improving service by any other way than hiding, deceiving and gathering far more information than they actually need, they do not deserve to exist.

@Electrofreak, I had to let at least one of my co-workers know that he was only safe from CIQ after he installed iOS5. Never heard another thing!

Yeah, I probably could have written another 800 words stating that Carrier IQ should only have permissions to those things that it needs to track (seriously, it doesn’t need read access to message content), but the article was getting too long as it is.

It also seems like Miller has the same laissez-faire view as Zuckerberg with Facebook. But the root of the issue is not what the organization is doing with its consumers’ info on the surface… it’s the potential to do harm that counts.

I’m gonna have to disagree. I don’t believe they need ANY permissions at all. First of all, some carriers have stated they don’t use Carrier IQ, and it is also not present in some phones. In my interpretation, that means they don’t need it. They choose to need and use it in the phones they do so with. Let’s not forget how massive these carriers are and the vast amount of resources at their disposal for them to breedsomething like this to diagnose a problem or whatever. Whatever they’re claiming to need this for is a gross mishandling of their consumers’ privacy.

I’m no privacy control freak either, but I think allowing a service like this to exist is only a foot in the door for what’s to come. Next thing you know they’re tracking those numbers they’ve collected from you and linking them to a profile under your name to create a map of your social interactions that they can sell to advertising companies “in order to provide you with a better spamming experience.”

What happen to all the Virus protection programs like Lookout Security & Antivirus: FEATURES
Security
*Antivirus: Block Malware, Spyware, and trojans.

Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior.

the article was just right and on the money with the issue at hand. Another 800 words would have been fine with this kind of specific focus on the issues which Miller seems to set aside as not important. Good stuff!

Of course that require opting it. If not it’s violation.
It’s maybe time to say stop to this endless violation of private life… What next seriously ?
But it’s appears that some people don’t bother at all.

I want to add that the question is : will it be an “opt-in” or will it be an “opt-out”… because the lambda don’t give a damn about those kind of thing, look at the apple iAd, you can “opt-out” but no one does.

What bugs me about this debacle is that I’m paying for them to gather valuable data about me. I’ve paid for the phone, I’m paying a premium for smartphone service; aren’t they making enough money off me as it is?

Ahh.. but if you read most of the fine print, the carriers use these sort of things as a way to justify the offset in cost they’re absorbing with the device they’ve sold you. It doesn’t matter that they have you on the hook for 2 years at a contractual price (that more than makes up for the cost of the device they’re eating) they’re going to find any and all ways to make more money.

I agree, but think it should go one step further and let me know exactly what information Carrier IQ or whatever they are using is sending back to the server because as of right now I don’t think anyone has exactly stated this is what we track; it’s all been here is what we don’t track (please someone correct me if I’m wrong with this). I’m all for sending back errors because of dropped calls, unsent text messages, etc. However I don’t want them actually able to view the contents of the messages.

I also agree 100%. Simply allowing users to know that this software is running and giving them the option to opt-out is all it takes to make users happy (well, me at least).

I am still sifting through the information available, but I am leaning toward the carriers for being at fault here. The Carrier IQ product is used by carriers (and manufacturers), so it should be their responsibility to implement the software in a transparent way (and in compliance with any laws)

Carrier IQ is just simply wrong for not informing us what they are doing, I dont have a problem with HTC or Google sending anonymous information so I “could get better” quality services like ad’s. But once an HTTPS site is entered i think no one should be able to get that information, it should be between you and the site.

Yes yes what Carrier IQ did was terrible. However we must still remember that the one mainly at fault here is the carriers as they are the one who installed those apps into our phones without our knowledge. Carrier IQ only makes the tool. The carriers are the one using it.

Anyways I too also believe Carrier IQ can a very good service that helps improve our experience. However it really needs to be transparent with what it do and allows us to disable it. What interests me is why do they need to look at the content of our text messages?

Also I thinking opting-in should be the default while allowing us to opt-out. Normal users will normally be scared of anything like this even if it could benefit them and choose not to opt-in. What could be better done is instead change the permissions to only use what it needs because right now the permissions it required is just ridiculous. You need to have that MANY? It’s totally fishy!

Of course a service like this can be helpful. The service can also be harmful though, i.e. the ability to track stuff that has no relevance to improving my service, such as reading contents of messages. Alfred Nobel created the Nobel Peace Prize because the dynamite he invented to help miners ended up being used to blow bank vaults and such. Give evil (evil corporations!) a great tool, and they’ll do greatly bad things with it.

Sure the service could/should be allowed to exist but not against our wills! You make the best point that we should be able to opt into it. I’d like to see someone attempt to justify the opposite. I love Millers “Pay no attention to the man behind the curtain” approach. Its entertaining, if you ask me ;)

i understand why companies want this sort of feedback loop in place and how that can benefit consumers, but the worlds roads are paved in good intentions. it just takes one government, or politician to realize that they can use this information for their own ends and guess what, the tool is already in place, and nobody needs to know what they are doing.

there is a lot of push back on tons of things in governments these days (speaking for US because that is what i know) you just need to listen to some of the OWS grievances. I liken this Carrier IQ thing to campaign donations. they help the system. popular candidates benefit form support and that makes the system run. but if you believe for a second that someone/somegroup won’t take advantage of any lack of transparency they can find you are wrong.

the reason i prefer Android is the transpancy built into app installs and the open nature of the developer/consumer interaction. I don’t need to get apps through google (market) or even carriers (sticking to the vanilla nexus line, naturally). if there is something i want, i can see what it accesses and make my own judgement. the fact that that choice is taken away is a huge issue. perhaps not for everyday consumers (like with anything the “masses” are clueless) but for many users on this site, this is a core reason why we choose this operating system.

This is the problem I have with all of this too. I love the Android atmosphere for its choices. You can choose what you want and how you want it. I have no problem helping these companies provide better service but it has to be a choice.

Thank goodness for the Android community and their raising of awareness on this. CIQ needs to be a choice a consumer makes not a decision a company makes for them.

Mmmmm…. Excellent article. I appreciate the whole “i agree it can be good thing but it’s terrible the way they implemented it by forcing us to use it and not telling us what they are tracking.” I agree that companies earn more trust by simply asking and informing us.

“There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live–did live, from habit that became instinct–in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.”
George Orwell, from his 1949 classic novel, “1984″

I think the problem with opt-in, instead of opt-out, is that many average users, who have nothing to fear, will see this request as something scary and therefore not opt-in. I think, for the average user, having CarrierIQ on your phone isn’t a big deal. For power users, or those “in the know”, it may be — but they are also likely to be the ones to know how to go in and opt-out.

The problem with people not opting-in because of a scary message asking them to opt-in is that you will have a much smaller sample size this way, thus likely making it more difficult to analyze and find issues.

I am not downplaying privacy issues, however.. I still think a careful eye needs to be watching these groups that collect data to make sure they are using it properly.

Yes, many people would not opt-in for fear of privacy violations, or a scary opt-in message, but I think everyone should have the choice. Make it clear what you’re using and what you’re using it for, and people will choose to help you if they want to help you.

The other alternative is to grant permissions only to things that Carrier IQ needs to get it’s job done. If it doesn’t/won’t store content of texts, why does it need access to those things?

You bring up a good point. Taking that a little further; how about allowing users to select permissions for an app just like enabling/disabling a module. That would certainly help ease people’s minds about sharing information Carrier IQ tracks.

It should definitely be opt-in only, and on top of this there’s another point related to accepting terms when getting a new phone that should be dealt with. I recently purchased a smartphone and it was set up by my carrier’s sales rep at the store, at which time the salesperson who set up the phone for me went ahead and accepted all the license agreements because I didn’t see a single one when I received the phone.

All of the responses to the Carrier IQ situation that pointed out that by accepting the general usage terms of the phone I accepted Carrier IQ don’t take into account the fact that my carrier’s sales rep accepted them for me. I didn’t agree to anything myself regarding usage of this phone.

I agree with your article completely, but I think on top of this certain things shouldn’t be able to seen. For example, see if my SMS goes through or errors out…this is a statistic you care about but you DO NOT need to know the content of the SMS.

You don’t need to monitor every phone number, everyone URL and if it’s https it’s https for a reason exclude these from your software for monitoring.

So keep it up and good article, don’t just roll over and accept giving up your privacy with out knowing what your getting into and why your giving it up.

I like to think of CarrierIQ thing as the circle of manufacturing. You buy the phone & software on it -> Carrier IQ records what you do -> Carriers/Manufactures buy the info to improve your phone experience. I’m glad we have this system but I’m not happy they try and hide their actions…

It just seems that technology has driven businesses to have tracking in almost anywhere to fuel marketing and more. At first I was against the whole invasion of my privacy as I felt it was a right but it seems like that right doesn’t exist at times when you don’t even know your privacy is being violated.

I understand that Carrier IQ, Sprint, and Samsung probably have been getting accurate results by running on every device but MAN do I feel used. A simple ‘you could have asked’ would have been fine. So although Carrier IQ is a good service their invasion without permission leaves a sour taste.

I love the points you described in the article. Opt-in + a list of what it will track would be acceptable for a lot of people. But Carrier IQ just blew the sandbox security idea surrounding Android to smithereens. I wonder how Google feels about all this.

It seems like the further we dig into these devices, the more stuff we find that we are not happy with. Phone companies/carriers always talk really big on how they believe in protecting your privacy, but they “never” throw their own names into the threat pool. Great article. Sad thing is that for the people that don’t follow android or read any articles, they are always at risk and never know it.

Were the practices of Carrier IQ, if not the specific name of the app and methods, disclosed in carrier contracts and privacy statements? Certainly few people read those thoroughly, and it does seem like the app’s permissions go well beyond what it is purportedly doing – I wonder if the app’s permissions go beyond what subscribers agreed to in their agreements. There could have been more pro-active transparency, but I can’t believe the carriers wouldn’t have gotten at least thr pro-forma permission of signing a contract or privacy policy.

I have no doubt that Carrier IQ is helping carriers do what they do. It’s just a little unnerving that it was such a secret until this explosion of news recently. I agree with the argument of opting in completely, I wouldn’t mind helping the carriers out, I’d just like a little heads up about it, you know?

To your list of grievances I would also add data security.
By that I mean the appearance of plain-text user data in the logs to be intercepted (or harvested at a later point) by any number of software.

If I were to discover that my opting into Chrome’s usage statistics sharing exposes my searches or other personal data to world’s prying eyes, I would revoke it lickety-split and fire off an angry bug report.

The biggest issue I have with this is the fact that so many ‘innocent’ (in this case anyhow) companies are going to be dragged through the mud in this. If you look at this morning’s new list of companies being class actioned over this, some of them are bystanders.

The companies at fault, more than even CIQ, imho.. are the carriers that have willingly asked for this software, and installed it on new devices. I wonder how many devices we’d have that operated better without this additional bloat being installed.

I’m hoping that companies like Samsung, HTC, and even the carriers that don’t utilize it come out and openly state: ‘We didn’t want this crap installed in the first place.. AT&T/Sprint/T-Mobile/etc install whatever they see fit, since they’re subsidizing the cost of the handsets in the first place.’

Which brings me to my next point.. if you’re buying this device, retail, out of contract.. under WHAT law do these companies seem to think they have the right to install this software? It’d be like buying a new car, installing a bunch of aftermarket mods that decrease the performance, MPG, emissions, and it reports on your location, what you’re buying, who you’re with, etc….. and then selling it as a brand new car…

they can read and see EVERYTHING you do on your phone, even keystrokes (=passwords). even if they say they dont want to know it, they could. and they didnt tell anyone. thats just spying.

everyone should be concerned about this. and everyone talking about post-privacy should think about others who truely need privacy.

the main problem is, if you say “they didnt do anything with it, why shouldnt they collect all that data” everyone will start their own data collection. and not for technical purposes. data mining is a big issue today and we need to stop big companys spying on us in every corner of our lives.

I think the way it is used at apple is the best way. Although they are removing it. 1) you can opt out. 2) it only tracks location and other meaningful data. I think it should also maybe track signal strength. That way you can generate an anonymous map of when your network strengths and weaknesses are.

I have a hard time understanding people who dont mind some company harvesting information about you. It´s all about information today, dosn´t mather for what purpouse they want it. First of, why should i give them information that they can sell or use for whatever they want. Did they ask me? Do i get any profit from it? Think about the total amount of data that they collect, do they pay for the data fee, no, we do!

So stop collecting our data or start paying us for giving you information! Of course after you asked for permission to collect it!

All i really have to say on this matter anymore is this: Google has more data on everyone in the world, than everyone in the world has. They have almost ALWAYS stated they are doing so, given the opportunity to say ‘yes or no’ to it, and kept safety a top priority on all the info. Gmail comes to mind, scanning email content to generate relavent ads. There was an outcry, Google said, “It’s safe, if you don’t want the ads, use another email. Trust us, or don’t. it’s up to you.”

SOOOOOO here’s the problem. Carrier who? Without knowledge of the company, the program, the info gathered, how it’s being stored, OR the option to use it or not – this entire thing isn’t so much about data gathering, it’s about WTF just happened? It was under handed, shady, and continues to be so with CarrierIQ.

The stigma of secrecy and lack of choice is the large issue here, along with no one knowing the security practices of those gathering the info in the first place.

What I don’t understand is that if this is tracking personal information aren’t they required to notify you? The fact that they are being looked at for illegal wiretapping says a lot about the permissions this software has. The fact that they are trying to avoid taking responsibility says to me that they know they were wrong and that they don’t want the punishment that comes with it. A basic can we collect this data would have made this issue disappear but instead the companies involved hid what they were doing until someone called them on it.

I dont really know whats this all about, but yeah, they shouldve asked me if i want it installed and offer a way to uninstall it.
Maybe it’s a good thing but I dont like being treaten like a morron, it’s my device, i want to own him, control him and whatever i want with it!

A guy I know at work today was bashing Android for CarrierIQ… until I pointed out to him that Apple has been using it as well. He didn’t want to believe it until I showed him with a quick Google search.

I agree that it’s a carrier nessecity to have something like CIQ, but it simply needs to have access only to data carriers need and as stated needs to be something you have to opt in to. The major bad publicity is the opportunity for another company to step in. However, I think it’s safe to bet CIQ is locked into contracts with carriers.

If Carrier IQ can’t help the providers achieve their goals of improving service by any other way than hiding, deceiving and gathering far more information than they actually need, they do not deserve to exist.

@Electrofreak, I had to let at least one of my co-workers know that he was only safe from CIQ after he installed iOS5. Never heard another thing!